#!/bin/sh
#
#  Copyright 2020 F5 Networks
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
#

set -eu

parseBoolean() {
  case "$1" in
    TRUE | true | True | YES | Yes | 1)
      echo 1
      ;;
    *)
      echo 0
      ;;
  esac
}

# This line is an addition to the NGINX Docker image's entrypoint script.
if [ "${DNS_RESOLVERS+x}" = "" ]; then
    resolvers=""

    # This method of pulling individual nameservers from
    # /etc/resolv.conf taken from the entrypoint script in the
    # official docker image.
    # https://github.com/nginxinc/docker-nginx/blob/master/entrypoint/15-local-resolvers.envsh
    for ip in $(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf)
    do
        if echo "${ip}" | grep -q ':'; then
          resolvers="$resolvers [${ip}]"
        else
          resolvers="$resolvers $ip"
        fi
    done
    DNS_RESOLVERS="${resolvers}"
    export DNS_RESOLVERS
fi

# Normalize the CORS_ENABLED environment variable to a numeric value
# so that it can be easily parsed in the nginx configuration.
CORS_ENABLED="$(parseBoolean "${CORS_ENABLED}")"
export CORS_ENABLED

# By enabling CORS, we also need to enable the OPTIONS method which
# is not normally used as part of the gateway. The following variable
# defines the set of acceptable headers.
if [ "${CORS_ENABLED}" = "1" ]; then
  export LIMIT_METHODS_TO="GET HEAD OPTIONS"
  export LIMIT_METHODS_TO_CSV="GET, HEAD, OPTIONS"
else
  export LIMIT_METHODS_TO="GET HEAD"
  export LIMIT_METHODS_TO_CSV="GET, HEAD"
fi

if [ "${CORS_ALLOWED_ORIGIN+x}" = "" ]; then
  export CORS_ALLOWED_ORIGIN="*"
fi

# See documentation for this feature. We do not parse this as a boolean
# since "true" and "false" are the required values of the header this populates
if [ "${CORS_ALLOW_PRIVATE_NETWORK_ACCESS+x}" != "true" ] && [ "${CORS_ALLOW_PRIVATE_NETWORK_ACCESS+x}" != "false" ]; then
  export CORS_ALLOW_PRIVATE_NETWORK_ACCESS=""
fi

# This is the primary logic to determine the s3 host used for the
# upstream (the actual proxying action) as well as the `Host` header
#
# It is currently slightly more complex than necessary because we are transitioning
# to a new logic which is defined by "virtual-v2". "virtual-v2" is the recommended setting
# for all deployments.

# S3_UPSTREAM needs the port specified. The port must
# correspond to https/http in the proxy_pass directive.
if [ "${S3_STYLE}" = "virtual-v2" ]; then
  export S3_UPSTREAM="${S3_BUCKET_NAME}.${S3_SERVER}:${S3_SERVER_PORT}"
  export S3_HOST_HEADER="${S3_BUCKET_NAME}.${S3_SERVER}:${S3_SERVER_PORT}"
elif [ "${S3_STYLE}" = "path" ]; then
  export S3_UPSTREAM="${S3_SERVER}:${S3_SERVER_PORT}"
  export S3_HOST_HEADER="${S3_SERVER}:${S3_SERVER_PORT}"
else
  export S3_UPSTREAM="${S3_SERVER}:${S3_SERVER_PORT}"
  export S3_HOST_HEADER="${S3_BUCKET_NAME}.${S3_SERVER}"
fi

# Use default proxy_cache_use_stale settings if the variable is not defined
if [ "${PROXY_CACHE_USE_STALE+x}" = "" ]; then
  export PROXY_CACHE_USE_STALE="error timeout http_500 http_502 http_503 http_504"
fi
